Wireshark-bugs: [Wireshark-bugs] [Bug 5387] New: Kerberos: PA-PW-SALT is sometimes just a string

Date: Thu, 11 Nov 2010 22:51:55 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5387

           Summary: Kerberos: PA-PW-SALT is sometimes just a string (with
                    undefined locale)
           Product: Wireshark
           Version: SVN
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: mykaul@xxxxxxxxx


Build Information:
SVN r34846
--
Per RFC 4120, section 5.2.7.3: 
"... Unfortunately, for historical reasons, the character set to be used is
unspecified and probably locale-specific."

and 5.2.7:
 3            pa-pw-salt       salt (not ASN.1 encoded)


So it can be just a string. And indeed, in a MS Windows capture I have the salt
is just a hostname+username string. It appears the Kerberos dissector always
dissects it as a NT error/status, which may mislead the user to think that
there's an unknown error (as the string is interpreted as an error).
Two solutions I can think of:
1. Probe the first 32 bit see if they match any known NT error. If they do,
possibly it's a NT error status code indeed.
2. If they don't, and it's an ASCII char, try to decode as string -
regretfully, I don't know how to get the length of the data from the ASN.1
context. If one can help me with that, we can even implement a 'dumber'
solution - if length != 12, dissect as string and not as NT status.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.